<script>
// Set authentication info
window.addEventListener("message", function(evt) {
    var port = evt.ports[0];
    // Cookies that might be used cross-site must be marked SameSite=None and Secure.
    // Secure cookies can be used on localhost URLs, even those with http schemes.
    document.cookie = 'cookie=' + evt.data.cookie + "; SameSite=None; Secure";
    var xhr = new XMLHttpRequest();
    xhr.addEventListener('load', function() {
        port.postMessage({msg: 'LOGIN FINISHED'});
      }, false);
    xhr.open('GET',
             './fetch-access-control.php?Auth',
             true,
             evt.data.username, evt.data.password);
    xhr.send();
  }, false);
</script>
